upgrade weave, flannel, kubernetes and base AMI image

k8s/02_efs.sh

@@ -12,12 +12,14 @@ trap 'err_report $LINENO' ERR
 
 START_TIME=`date +%s`
 
+CLUSTER_SPEC_TEMPLATE=$1
+
 my_dir="$(dirname "$0")"
 source "$my_dir/install-playbook/validation.sh"
 
 echo "Installing EFS..."
 
-vpcId=`aws ec2 describe-vpcs --region=$AWS_REGION --filters Name=tag:Name,Values=$NAME --output text | awk '/VPCS/ { print $8 }'`
+vpcId=`aws ec2 describe-vpcs --region=$AWS_REGION --filters Name=tag:Name,Values=$CLUSTER_NAME --output text | awk '/VPCS/ { print $8 }'`
 
 if [[ -z ${vpcId} ]]; then
   echo "Couldn't detect AWS VPC created by `kops`"
@@ -26,7 +28,7 @@ fi
 
 echo "Detected VPC: $vpcId"
 
-securityGroupId=`aws ec2 describe-security-groups --region=$AWS_REGION --output text | awk '/nodes.'$NAME'/ && /SECURITYGROUPS/ { print $6 };'`
+securityGroupId=`aws ec2 describe-security-groups --region=$AWS_REGION --output text | awk '/nodes.'$CLUSTER_NAME'/ && /SECURITYGROUPS/ { print $6 };'`
 
 if [[ -z ${securityGroupId} ]]; then
   echo "Couldn't detect AWS Security Group created by `kops`"

k8s/03_ebs.sh

@@ -12,6 +12,8 @@ trap 'err_report $LINENO' ERR
 
 START_TIME=`date +%s`
 
+CLUSTER_SPEC_TEMPLATE=$1
+
 my_dir="$(dirname "$0")"
 source "$my_dir/install-playbook/validation.sh"
 

k8s/04_testground_daemon.sh

@@ -12,6 +12,8 @@ trap 'err_report $LINENO' ERR
 
 START_TIME=`date +%s`
 
+CLUSTER_SPEC_TEMPLATE=$1
+
 my_dir="$(dirname "$0")"
 source "$my_dir/install-playbook/validation.sh"
 

k8s/cluster.yaml

@@ -2,8 +2,10 @@ apiVersion: kops.k8s.io/v1alpha2
 kind: Cluster
 metadata:
   creationTimestamp: null
-  name: ${NAME}
+  name: ${CLUSTER_NAME}
 spec:
+  docker:
+    skipInstall: true
   cloudLabels:
     Team: ${TEAM}
     Project: ${PROJECT}
@@ -27,7 +29,7 @@ spec:
     rbac: {}
   channel: stable
   cloudProvider: aws
-  configBase: ${KOPS_STATE_STORE}/${NAME}
+  configBase: ${KOPS_STATE_STORE}/${CLUSTER_NAME}
   docker:
     defaultUlimit:
     - "nofile=${ULIMIT_NOFILE}"
@@ -83,9 +85,9 @@ spec:
     kubeAPIBurst: 40
   kubernetesApiAccess:
   - 0.0.0.0/0
-  kubernetesVersion: 1.18.3
-  masterInternalName: api.internal.${NAME}
-  masterPublicName: api.${NAME}
+  kubernetesVersion: 1.18.10
+  masterInternalName: api.internal.${CLUSTER_NAME}
+  masterPublicName: api.${CLUSTER_NAME}
   networkCIDR: 172.20.0.0/16
   networking:
     flannel:
@@ -115,7 +117,7 @@ kind: InstanceGroup
 metadata:
   creationTimestamp: null
   labels:
-    kops.k8s.io/cluster: ${NAME}
+    kops.k8s.io/cluster: ${CLUSTER_NAME}
   name: master-${ZONE}
 spec:
   additionalUserData:
@@ -139,7 +141,7 @@ spec:
       net.ipv4.neigh.default.gc_thresh2 = 4096
       net.ipv4.neigh.default.gc_thresh3 = 32768
       EOT
-  image: 909427826938/testground_2020-06-09
+  image: 909427826938/testground_2020-10-30
   machineType: ${MASTER_NODE_TYPE}
   maxSize: 1
   minSize: 1
@@ -156,7 +158,7 @@ kind: InstanceGroup
 metadata:
   creationTimestamp: null
   labels:
-    kops.k8s.io/cluster: ${NAME}
+    kops.k8s.io/cluster: ${CLUSTER_NAME}
   name: nodes
 spec:
   additionalUserData:
@@ -182,7 +184,7 @@ spec:
       EOT
   cloudLabels:
     testground.node.role.plan: "true"
-  image: 909427826938/testground_2020-06-09
+  image: 909427826938/testground_2020-10-30
   machineType: ${WORKER_NODE_TYPE}
   maxSize: ${WORKER_NODES}
   minSize: ${WORKER_NODES}
@@ -201,7 +203,7 @@ kind: InstanceGroup
 metadata:
   creationTimestamp: null
   labels:
-    kops.k8s.io/cluster: ${NAME}
+    kops.k8s.io/cluster: ${CLUSTER_NAME}
   name: tginfra
 spec:
   additionalUserData:
@@ -227,7 +229,7 @@ spec:
       EOT
   cloudLabels:
     testground.node.role.infra: "true"
-  image: 909427826938/testground_2020-06-09
+  image: 909427826938/testground_2020-10-30
   machineType: c5.2xlarge
   maxSize: 2
   minSize: 2

k8s/delete_efs.sh

@@ -11,19 +11,19 @@ err_report() {
 
 trap 'err_report $LINENO' ERR
 
-vpcId=`aws ec2 describe-vpcs --filters Name=tag:Name,Values=$NAME --output text | awk '/VPCS/ { print $8 }'`
+vpcId=`aws ec2 describe-vpcs --filters Name=tag:Name,Values=$CLUSTER_NAME --output text | awk '/VPCS/ { print $8 }'`
 
 if [[ -z ${vpcId} ]]; then
-  echo "Couldn't detect AWS VPC created by `kops`"
+  echo "Couldn't detect AWS VPC created by kops"
   exit 1
 fi
 
 echo "Detected VPC: $vpcId"
 
-securityGroupId=`aws ec2 describe-security-groups --output text | awk '/nodes.'$NAME'/ && /SECURITYGROUPS/ { print $6 };'`
+securityGroupId=`aws ec2 describe-security-groups --output text | awk '/nodes.'$CLUSTER_NAME'/ && /SECURITYGROUPS/ { print $6 };'`
 
 if [[ -z ${securityGroupId} ]]; then
-  echo "Couldn't detect AWS Security Group created by `kops`"
+  echo "Couldn't detect AWS Security Group created by kops"
   exit 1
 fi
 
@@ -41,7 +41,7 @@ pushd efs-terraform
 S3_BUCKET="${KOPS_STATE_STORE:5:100}"
 
 terraform init -backend-config=bucket=$S3_BUCKET \
-               -backend-config=key=tf-efs-$NAME \
+               -backend-config=key=${DEPLOYMENT_NAME}-efs \
                -backend-config=region=$AWS_REGION
 
 terraform destroy -var aws_region=$AWS_REGION -var fs_subnet_id_zone_a=$subnetIdZoneA -var fs_subnet_id_zone_b=$subnetIdZoneB -var fs_sg_id=$securityGroupId -auto-approve

k8s/delete_kops.sh

@@ -11,4 +11,4 @@ err_report() {
 
 trap 'err_report $LINENO' ERR
 
-kops delete cluster $NAME --yes
+kops delete cluster $CLUSTER_NAME --yes

k8s/install-playbook/validation.sh

@@ -7,7 +7,7 @@ set -e
 # Validate required arguments
 if [ -z "$CLUSTER_SPEC_TEMPLATE" ]
 then
-  echo -e "Please provider cluster spec template file as argument. For example: \`./install.sh cluster.yaml\`"
+  echo -e "Please provider cluster spec template file as argument. For example: \`./01_install.sh cluster.yaml\`"
   exit 2
 fi
 if [ ! -f "$CLUSTER_SPEC_TEMPLATE" ]; then

k8s/kops-weave/flannel.yml

@@ -171,7 +171,7 @@ spec:
       priorityClassName: system-node-critical
       initContainers:
       - name: install-cni
-        image: quay.io/coreos/flannel:v0.11.0-amd64
+        image: quay.io/coreos/flannel:v0.13.0-amd64
         command:
         - cp
         args:
@@ -185,7 +185,7 @@ spec:
           mountPath: /etc/kube-flannel/
       containers:
       - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.11.0-amd64
+        image: quay.io/coreos/flannel:v0.13.0-amd64
         command:
         - /opt/bin/flanneld
         args:

k8s/kops-weave/weave.yml

@@ -194,8 +194,7 @@ items:
                     fieldRef:
                       apiVersion: v1
                       fieldPath: spec.nodeName
-              #image: 'docker.io/weaveworks/weave-kube:2.6.0'
-              image: 'iptestground/weave-kube:0.0.1'
+              image: 'iptestground/weave-kube:0.0.2-v2.7.0-63821434'
               readinessProbe:
                 httpGet:
                   host: 127.0.0.1

k8s/packer/Makefile

@@ -1,2 +1,2 @@
 build-ami-image:
-	packer build -var 'source_ami=ami-093dda5e01f6102a8' -var 'aws_region=eu-central-1' testground-ami.json
+	packer build -var 'source_ami=ami-0ed4a9453b39ea8c1' -var 'aws_region=eu-west-2' testground-ami.json

k8s/packer/README.md

@@ -1,15 +1,6 @@
 ## Background
 
-Testground AMI image is currently based on `k8s-1.17-debian-stretch-amd64-hvm-ebs-2020-01-17`
-
-You can get a specific AMI for a given region with:
-
-```
-aws ec2 describe-images --region eu-west-2  --output table \
-  --owners 383156758163 \
-  --query "sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId]" \
-  --filters "Name=name,Values=*-debian-stretch-*"
-```
+Testground AMI image is currently based on `099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20201014` (since this is what kops v1.18.2 is using)
 
 ---
 

k8s/packer/distribute-image.sh

@@ -26,10 +26,10 @@ then
   exit 2
 fi
 
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region eu-west-1
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region eu-west-2
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region us-east-1
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region us-east-2
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region us-west-1
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region us-west-2
-aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-central-1 --region ap-southeast-1
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region eu-west-1
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region eu-central-1
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region us-east-1
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region us-east-2
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region us-west-1
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region us-west-2
+aws ec2 copy-image --name $NAME --source-image-id $SOURCE_IMAGE_ID  --source-region eu-west-2 --region ap-southeast-1

k8s/packer/docker-pull-images.sh

@@ -1,34 +1,47 @@
 #!/bin/bash
-sudo docker pull kope/kops-controller:1.18.0-beta.1
-sudo docker pull kope/dns-controller:1.18.0-beta.1
-sudo docker pull kope/kube-apiserver-healthcheck:1.18.0-beta.1
-sudo docker pull kopeio/etcd-manager:3.0.20200531
-sudo docker pull k8s.gcr.io/kube-proxy:v1.18.3
-sudo docker pull k8s.gcr.io/kube-apiserver:v1.18.3
-sudo docker pull k8s.gcr.io/kube-scheduler:v1.18.3
-sudo docker pull k8s.gcr.io/kube-controller-manager:v1.18.3
+
+sudo apt update
+sudo apt install -y docker.io
+
+sudo docker pull bitnami/redis:5.0.8-debian-10-r39
+sudo docker pull bitnami/redis-exporter:1.5.2-debian-10-r27
+sudo docker pull busybox:1.31.1
+sudo docker pull busybox:1.31.1-glibc
+sudo docker pull grafana/grafana:7.0.3
+sudo docker pull influxdb:1.8-alpine
+sudo docker pull iptestground/curl-ssl:0.0.1
+sudo docker pull iptestground/goproxy:2.0.2
+sudo docker pull iptestground/weave-kube:0.0.2-v2.7.0-63821434
+sudo docker pull jettech/kube-webhook-certgen:v1.2.1
+sudo docker pull jettech/kube-webhook-certgen:v1.3.0
+sudo docker pull jimmidyson/configmap-reload:v0.3.0
+sudo docker pull k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.8.1
 sudo docker pull k8s.gcr.io/coredns:1.6.7
-sudo docker pull k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.4.0
+sudo docker pull k8s.gcr.io/kube-apiserver:v1.18.10
+sudo docker pull k8s.gcr.io/kube-controller-manager:v1.18.10
+sudo docker pull k8s.gcr.io/kube-proxy:v1.18.10
+sudo docker pull k8s.gcr.io/kube-scheduler:v1.18.10
 sudo docker pull k8s.gcr.io/pause-amd64:3.2
-sudo docker pull quay.io/prometheus/node-exporter:v1.0.0
-sudo docker pull quay.io/prometheus/prometheus:v2.18.1
+sudo docker pull kiwigrid/k8s-sidecar:0.1.151
+sudo docker pull kope/dns-controller:1.18.2
+sudo docker pull kope/kops-controller:1.18.2
+sudo docker pull kope/kube-apiserver-healthcheck:1.18.2
+sudo docker pull kopeio/etcd-manager:3.0.20200531
+sudo docker pull quay.io/coreos/flannel:v0.11.0-amd64
+sudo docker pull quay.io/coreos/flannel:v0.13.0-amd64
+sudo docker pull quay.io/coreos/prometheus-config-reloader:v0.38.1
+sudo docker pull quay.io/coreos/prometheus-operator:v0.38.1
 sudo docker pull quay.io/external_storage/efs-provisioner:v2.4.0
 sudo docker pull quay.io/huawei-cni-genie/genie-admission-controller:1382
 sudo docker pull quay.io/huawei-cni-genie/genie-plugin:1382
-sudo docker pull quay.io/coreos/flannel:v0.11.0-amd64
-sudo docker pull grafana/grafana:7.0.3
-sudo docker pull busybox:1.31.1
-sudo docker pull kiwigrid/k8s-sidecar:0.1.151
-sudo docker pull influxdb:1.8-alpine
-sudo docker pull bitnami/redis:5.0.8-debian-10-r39
-sudo docker pull docker.io/bitnami/redis-exporter:1.5.2-debian-10-r27
-sudo docker pull iptestground/weave-kube:0.0.1
-sudo docker pull iptestground/curl-ssl:0.0.1
-sudo docker pull iptestground/goproxy:2.0.2
+sudo docker pull quay.io/jetstack/cert-manager-webhook:v0.16.0
+sudo docker pull quay.io/prometheus/node-exporter:v1.0.0
+sudo docker pull quay.io/prometheus/prometheus:v2.18.2
+sudo docker pull squareup/ghostunnel:v1.5.2
 
 TEMPDIR=`mktemp -d`
 pushd $TEMPDIR
-wget https://kubeupv2.s3.amazonaws.com/kops/1.8.1/images/protokube.tar.gz
+wget https://kubeupv2.s3.amazonaws.com/kops/1.18.2/images/protokube.tar.gz
 sudo docker load < protokube.tar.gz
 popd
 

k8s/packer/testground-ami.json

@@ -12,7 +12,7 @@
     "region": "{{user `aws_region`}}",
     "source_ami": "{{user `source_ami`}}",
     "instance_type": "m4.xlarge",
-    "ssh_username": "admin",
+    "ssh_username": "ubuntu",
     "ami_name": "testground_{{isotime \"2006-01-02\"}}"
   }],
   "provisioners": [